Medic Alert Privacy Statement

Last Revised:May 2011

The purpose of this Privacy Statement is to inform you about the types of Personal Information that the Medic Alert Foundation – New Zealand Incorporated (“we” or “us”) collect, use and disclose. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may request access to or correction of that information.

We are proud to demonstrate our commitment to your privacy, by keeping up-to-date with the laws and regulations under applicable privacy laws in New Zealand.

From time-to-time, we may make changes to this Privacy Statement. The Privacy Statement is current as of the “last revised” date which appears at beginning of this document. Our Privacy Officer is accountable for our compliance with this Privacy Statement and our Privacy Policy. This Privacy Statement applies to any information we collect or receive about you, from any source.

How do we collect your Personal Information?

We will always collect your Personal Information by fair and lawful means (for example, when you complete an application form, in person or online, or by telephone). Most often we will collect your Personal Information directly from you or your doctor, where we have obtained your consent to do so. Occasionally, we may collect Personal Information from a third party, based on your consent, or as otherwise permitted by law.

How do we use your Personal Information?

We identify the purposes for which we use your Personal Information at or before the time we collect such information from you and obtain your consent, and in any case, prior to such use. We generally use your Personal Information only for purposes to which you have consented, which may include providing and delivering products or services to you, and ensuring a satisfactory relationship with you and for internal purposes such as administering or improving our websites. We may also use your Personal Information for statistical purposes, to develop our services and assess the needs of those using the services. In addition, we may use your Personal Information as otherwise permitted or required by law, including the Privacy Act 1993.

To whom do we provide your Personal Information?

We limit the disclosure of your Personal Information to circumstances where disclosure is required to carry out a purpose you have consented to or as otherwise permitted or required by law. For example, we may disclose your Personal Information:

to third party service providers with whom we have a contractual agreement, which includes appropriate privacy standards, for the purpose of performing functions such as jewellery engraving, or providing the Hotline service, database services or information technology support;

to emergency responders and other health care providers as necessary in the circumstances;

to third parties in the context of a transaction involving all or part of Medic Alert Foundation – New Zealand Incorporated, such as a merger. In such circumstances, we will take reasonable steps to ensure the security of the information prior to disclosure;

to third parties for the purpose of compiling statistics about the use of Medic Alert services;

such other disclosures of Personal Information to such persons for which you provide your consent; and

as otherwise permitted or required by law.

When and how do we obtain your consent?

We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information. We obtain your consent either orally or in writing (either on paper or online). Prior to collecting your information from you, we generally tell you the purposes for which we will use or disclose the information. Sometimes the purposes are obvious, in which case your consent may be implied. Where appropriate, we may collect, use or disclose your Personal Information based on a consent given on your behalf by an authorized third party, or as otherwise permitted by law.

How do we ensure the privacy of your Personal Information when dealing with our affiliates and other third parties?

We ensure that all our affiliates and other third parties which are engaged to perform services on our behalf and are provided with Personal Information, are required by contract to observe the intent of this Privacy Statement.

How long will we use, disclose or retain your Personal Information?

We may keep a record of your Personal Information, correspondence or comments, in a file specific to you at our offices at Level 8, CBD Towers, Upper Hutt, New Zealand. We will use, disclose or retain your Personal Information for as long as necessary to fulfil the purposes for which it was collected and as permitted or required by law. We will establish minimum and maximum retention periods and procedures for maintaining and destroying your Personal Information, but in any event we will keep your Personal Information no longer than is necessary.

How can you review your Personal Information that we have collected, used or disclosed?

We will make available to your Personal Information, that we have collected, used or disclosed, upon your written request, to the extent permitted by law. We will make such information available to you in a form that is generally understandable, including explaining any abbreviations or codes.

How do you know that the Personal Information we have about you is accurate?

We will endeavour to ensure that your Personal Information is kept as accurate, complete and up-to-date as necessary. However, we generally do not routinely update your Personal Information. We rely on you to supply us with updates to your Personal Information, when required. Members may update their information through ManageMyHealth.co.nz

What if the Personal Information we have about you is inaccurate?

You can, at any time, request changes to the Personal Information we have about you. If you inform us that the Personal Information we have about you is inaccurate or incomplete, we will amend the Personal Information where appropriate. Where appropriate, we will provide the amended information to third parties having access to your Personal Information.

How do we know that it is really you requesting your Personal Information?

We may request that you provide sufficient identification to permit safe access to the existence, use or disclosure of your Personal Information. Any such identification information shall be used only for this purpose unless we have your consent to use or disclose it for other purposes.

How fast will we respond to your written requests?

We will attempt to respond to each of your written requests to access or correct your Personal Information, or to withdraw your consent, not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your request within this time limit and of the grounds for any extension of time. You have the right to make a complaint to the Privacy Commissioner in respect of this time limit.

Are there any costs to you for requesting information about your Personal Information or about our privacy policies and practices?

There is no charge for obtaining a copy of our Privacy Statement. In limited circumstances, we may charge a reasonable fee to cover the cost of transcription, reproduction or transmission of your Personal Information. We will not charge any such fee without first providing you with an estimate. You must then tell us within thirty (30) days if you accept the fee and wish to proceed with your request. If you do not notify us within that time, we will send you a further notice indicating that you will be deemed to have withdrawn your request for access unless you advise us otherwise within thirty days. If after the expiry of this thirty-day period, you have not told us whether you wish to proceed or withdraw your request, we will deem your request to have been withdrawn and provide you with written notice to that effect.

What safeguards have we implemented to protect your Personal Information?

We have implemented physical, organisational, contractual and technological security measures to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. The only employees and contractors who are granted access to your Personal Information, are those with a business ‘need-to-know’ or who reasonably require such information to carry out their duties.

How do you contact us regarding access to your Personal Information or our Privacy Policy and Practices?

All comments, questions, concerns or complaints regarding your Personal Information or our privacy policy and practices, should be forwarded to Medic Alert as follows.